It seems that data privacy breaches are occurring daily. What has been happening this year, you ask? Well, some of the most significant breaches include:
This list could continue on and on and on. I think you have the idea.
Protecting customer and employee personal data is no longer a choice. Europe set the precedent with the Data Protection Directive, which the GDPR has since replaced. In the US, California is following suit with the California Consumer Privacy Act of 2018 (CCPA).
Your business may not have to comply with California or European law today, but a similar law will likely come to your state sooner rather than later.
The general idea of these laws is that a company must protect Personally Identifiable Information (PII). It is not sufficient to notify the customer when there IS a breach. Businesses must put protection mechanisms in place now. Protection involves everything from encrypting data at rest and in transit to controlling who has access to the database (DB).
The European Union set tremendous fines for GDPR violations: up to 20 million euros or 4% of the company's global turnover, whichever is higher.
Medical data is protected under the Health Insurance Portability and Accountability Act (HIPAA), and the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the protection of Protected Health Information (PHI). HITECH sets the maximum penalty at $1.5 million, which, while not as harsh as GDPR's, can still be painful for companies.
Significant health data breaches include:
Take action now! Phishing attacks and source code flaws are behind most breaches today.
Users (people in general, really) need constant reinforcement of security awareness concepts. A one-hour training video once a year is not sufficient. Check out KnowBe4 for more info.
Improved coding practices are essential, simply because hackers are exploiting our flaws. Our friends at Manicode can help train your developers in secure coding practices.
Inspectiv works with 1700+ vetted security researchers to continuously scan for and identify security vulnerabilities. Taking the perspective of an external attacker, Inspectiv identifies assets, continuously monitors for vulnerabilities, validates and deduplicates findings, and then provides this critical information in a streamlined and actionable format.